Redirects
Evasive Maneuvers in Data Stealing Gateways
We have already shared examples of many kinds of malware that rely on an external gateway to receive or return data, such as different malware payloads. During a recent investigation, we came ...
Legacy Mauthtoken Malware Continues to Redirect Mobile Users
During malware analysis, we regularly find variations of this injected script on various compromised websites: . The variable “_0x446d” assigns hex encoded strings in different positions in the array. If we get ...
Redirects to YouTube Defacement Channel
During a recent investigation, we found an infected website was redirecting to YouTube after its main index.php file had been modified to include the following line of HTML: <meta http-equiv='refresh' content='2;url=https://youtu.be/fsqzjDAO2Ug'> This ...
SiteCheck Malware Report: September Summary
Our free SiteCheck tool helps website owners remotely scan their website to detect malware infections, blacklisting status, website errors, and other anomalies. Scanning a website’s external HTML source code provides immediate results, ...
Malicious Pop-up Redirects Baidu Traffic
Malicious pop-ups and redirects have become two extremely common techniques used by attackers to drive traffic wherever they want. During a recent investigation, we came across an obfuscated pop-up script leveraging baidu[.]com ...
Web Crawler & User Agent Blocking Techniques
This is a simple script that allows hackers to block specific crawlers based upon website requests from specific user-agents. This is useful when you don’t want certain traffic from being able to ...
Spox Phishing Kit Harvests Chase Bank Credentials
Phishing kits are the back end components to a phishing attack and are often designed to make it easier to deploy a phishing page. These kits are typically bundled in compressed files, ...
Vulnerabilities Digest: June 2020
Highlights for June 2020 Cross site scripting is still the most common vulnerability in WordPress Plugins. Bad actors are taking advantage of the lack of restrictions in critical functions and issues surrounding ...
Vulnerable Plugins: June 2020 Update
This is a mid-month update to our regular Monthly Vulnerability Digest, which reveals a number of new patches for disclosed vulnerabilities. PluginVulnerabilityPatched VersionInstalls Elementor Page Builder Authenticated Stored XSS 2.9.10 5000000 AdRotate ...
Evasion Tactics in Hybrid Credit Card Skimmers
The most common type of Magento credit card stealing malware is client-side JavaScript that grabs data entered in a checkout form and sends it to a third-party server controlled by the attackers ...
